The term DDoS whistles past whenever cyber-activism rears its head en masse. These kinds of attacks make international headlines for several reasons. The issues that trigger DDoS attacks are often controversial or highly political, and since a large number of regular users are affected by the attacks, the topic resonates with the public.

Perhaps most importantly, a lot of people don’t know what constitutes a DDoS attack. Despite their rising frequency, judging by newspaper headlines, DDoS attacks can be anything from digital vandalism to fully-fledged cyber-terrorism.

So what does a DDoS, or Distributed Denial of Service attack entail? How does it work, and how does it affect the intended target and its users? These are important questions, and this is what we’re going to be focusing on in this instance of MakeUseOf Explains.

Denial Of Service

Before we tackle the issue of DDoS, or Distributed Denial of Service attacks, let’s look at the larger group of Denial of Service (DoS) issues.

Denial of Service is a broad issue. Simply put, a website experiences DoS issues when it is no longer able to service its regular users. When too many people flock to Twitter, the Fail Whale pops up, indicating that the website has reached and passed maximum capacity. In essence, Twitter experiences DoS.

Most of the time, these issues are instigated without malicious intent. A large website links to a small website, which isn’t built for the same level of traffic.

A Denial of Service Attack, then, indicates malicious intent. The attacker spends effort trying to instigate DoS issues. The techniques used here vary wildly – a DoS attack refers to the intended result of the attack, not the way it is executed. Generally, by hogging the system’s resources, the attacker can render the system unavailable to its regular users, ultimately even crashing the system and taking it down entirely.

Distributed (DDoS) Attacks

The difference between Distributed Denial of Service (DDoS) and regular DoS attacks is the scope of the attack. Where a DoS is carried out by a single attacker using a single system, a Distributed attack is carried out across multiple attacking systems.

Voluntarily Participating Agents

Sometimes multiple attackers join up, each willingly participating in the attack. Software that’s used to stress-test systems, or software specifically designed to wreak havoc, is installed on each system. For the attack to work, it needs to be coordinated. Coordinated through IRC chat rooms, forums, or even Twitter feeds, the attackers throw themselves en masse at a single target, trying to flood it with activity to disrupt usage, or crash the system.

What’s important to remember here is that the website storefront is flooded and crashed, whereas the bank’s and security agencies’ internal networks are usually left untouched, as explained in XKCD comic 932, shown above.

Although the website targeted by the DDoS attack is usually portrayed as the sole victim, users whose infected systems have been conscripted into a botnet (the involuntary counterpart of the willing participants above) are similarly affected. Not only are their computers used in illicit attacks, their computer’s and Internet connection’s resources are consumed by the botnet.

Attack Types

As mentioned before, a DDoS attack only states the intent of the attack – robbing a system of its resources and making it unable to perform its intended service. There are several ways to achieve this goal. The attacker can hog the system’s resources, or even push the system over the brink and make it crash. In severe cases, a Permanent Denial of Service (PDoS) attack, also known as phlashing, wreaks so much havoc on its target that hardware components need to be entirely replaced before being able to recommence normal operation.

We’ll take a look at two important attack methods. This list is by no means comprehensive. A bigger list can be found on Wikipedia’s DoS article.

ICMP Flood

ICMP (Internet Control Message Protocol, but the name is less important) is an integral part of the Internet Protocol suite. An ICMP flood attack is carried out by bombarding a network with ICMP packets, using up its resources and crashing it. One type of attack is a Ping Flood, a simple DoS attack where the attacker effectively overwhelms its target with ‘ping’ (ICMP echo request) packets. The idea here is that the attacker’s bandwidth is larger than its target’s.

A Smurf attack is a smarter way of ICMP flooding. Some networks let network clients broadcast messages to all other clients by sending them to a single broadcast address. A Smurf attack sends its packets to this broadcast address, forged to look as if they came from the target. Every client on that network replies to the target, so the broadcast network effectively serves as an amplifier for the attack.
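From a defender’s side, both flavours of ICMP flood described above leave a recognisable trace in flow records. The following added example (not part of the original article) runs two simple checks over constructed flow lines: a per-source rate check for ping floods, and a check for echo requests aimed at a network’s broadcast address, the signature of Smurf amplification. The record format and all addresses are assumptions made up for the example.

```python
import ipaddress
from collections import Counter

# Constructed flow records for illustration (not a real capture), one per line:
# "seconds src dst proto icmp-type". A legitimate host pings 192.0.2.10 five
# times per second, a flooder sends 300 echo requests within one second, and a
# Smurf-style sender aims echo requests at the 192.0.2.0/24 broadcast address
# with the source forged as the intended victim 198.51.100.7.
RECORDS = [f"{i/5:.2f} 198.51.100.7 192.0.2.10 icmp echo-request" for i in range(5)]
RECORDS += [f"{i/300:.3f} 203.0.113.9 192.0.2.10 icmp echo-request" for i in range(300)]
RECORDS += [f"{i/10:.2f} 198.51.100.7 192.0.2.255 icmp echo-request" for i in range(10)]

def parse(lines):
    """Split each record into (time, src, dst, proto, kind)."""
    out = []
    for line in lines:
        t, src, dst, proto, kind = line.split()
        out.append((float(t), src, dst, proto, kind))
    return out

def ping_flood_sources(records, window=1.0, threshold=100):
    """(src, dst) pairs that sent more than `threshold` echo requests in any
    single time window of `window` seconds."""
    buckets = Counter()
    for t, src, dst, proto, kind in records:
        if proto == "icmp" and kind == "echo-request":
            buckets[(src, dst, int(t // window))] += 1
    return sorted({(s, d) for (s, d, _), n in buckets.items() if n > threshold})

def smurf_candidates(records, network):
    """Echo requests aimed at the broadcast address of `network`. Every host on
    that network answers each one, so the replies are amplified toward the
    (possibly forged) source; the 'src' reported here is the likely victim."""
    bcast = str(ipaddress.ip_network(network).broadcast_address)
    return sorted({(src, dst) for _, src, dst, proto, kind in records
                   if proto == "icmp" and kind == "echo-request" and dst == bcast})

if __name__ == "__main__":
    recs = parse(RECORDS)
    print("ping flood sources:", ping_flood_sources(recs))
    print("smurf candidates:", smurf_candidates(recs, "192.0.2.0/24"))
```

The usual Smurf mitigation is to stop routers from forwarding packets to directed broadcast addresses in the first place; the check above is for spotting the traffic where that has not been done.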

(S)SYN Flood

A (S)SYN Flood relies on the essential operating principles of network communication. During normal operations, a client starts communication by sending the server a TCP/SYN packet, essentially telling the server it wishes to communicate. The server, upon receiving the packet, creates a connection to communicate with the client and sends back an acknowledgement (a SYN-ACK) and a reference to the communication channel.

The client sends back an acknowledgement in turn, and starts its communication with the server. However, if the client does not answer with that second acknowledgement, the server assumes its SYN-ACK didn’t arrive properly (as happens reasonably often) and resends it.

A (S)SYN Flood abuses this mechanic by sending countless TCP/SYN packets, each with a different, forged source address. Each packet prompts the server to create a half-open connection and keep resending its acknowledgement to a client that will never answer. Before long, the server has used up its resources on half-open connections. This principle is illustrated in the comic above, drawn and posted by Redditor verisimilarity.
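The following added example (not from the original article) models the half-open connection table described above and the standard mitigation, SYN cookies: a server that keeps no state per SYN but instead derives its initial sequence number from a keyed hash of the connection tuple, so only a client that really received the SYN-ACK can complete the handshake. It is a simplified model (real SYN cookies also encode a timestamp and MSS, and sequence numbers wrap at 32 bits); the backlog size, addresses and class names are assumptions chosen for illustration, and no network traffic is involved.

```python
import hashlib
import hmac
import secrets

BACKLOG = 4  # deliberately tiny half-open table so the effect shows with few SYNs
SECRET = secrets.token_bytes(16)  # per-boot secret for SYN cookies (constructed)

class StatefulServer:
    """Classic handshake: every SYN reserves a backlog slot until the final ACK."""
    def __init__(self):
        self.half_open = {}        # (src, sport) -> server's initial sequence number
        self.established = set()
        self.isn = 1000
    def on_syn(self, src, sport):
        if len(self.half_open) >= BACKLOG:
            return None            # table full: the SYN is dropped, no SYN-ACK sent
        self.isn += 1
        self.half_open[(src, sport)] = self.isn  # slot held until ACK or timeout
        return self.isn            # sequence number carried in the SYN-ACK
    def on_ack(self, src, sport, ack_num):
        isn = self.half_open.pop((src, sport), None)
        if isn is not None and ack_num == isn + 1:
            self.established.add((src, sport))
            return True
        return False

class SynCookieServer:
    """SYN cookies: keep no state per SYN; the ISN is a MAC over the connection
    tuple, so a genuine final ACK proves itself by echoing ISN + 1."""
    def __init__(self):
        self.established = set()
    def cookie(self, src, sport):
        mac = hmac.new(SECRET, f"{src}:{sport}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")
    def on_syn(self, src, sport):
        return self.cookie(src, sport)  # nothing stored on the server
    def on_ack(self, src, sport, ack_num):
        if ack_num == self.cookie(src, sport) + 1:
            self.established.add((src, sport))
            return True
        return False

def legit_client_connects(server, flood_syns):
    """Feed `flood_syns` SYNs from forged sources that never send the final ACK,
    then let one honest client try; return whether its handshake completes."""
    for i in range(flood_syns):
        server.on_syn(f"203.0.113.{i % 250}", 40000 + i)   # forged, never acknowledged
    isn = server.on_syn("198.51.100.7", 51000)
    return isn is not None and server.on_ack("198.51.100.7", 51000, isn + 1)
```

With the stateful server, a handful of unanswered SYNs is enough to lock out the honest client; the cookie server has nothing to exhaust, at the cost of doing a hash per SYN and losing the ability to retransmit the SYN-ACK.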

As explained above, DDoS attacks are varied but have a singular purpose: (temporarily) keeping authentic users from using the target system. Does this agree with your initial ideas on DDoS attacks? Let us know in the comments section.

A DoS attack is usually an accident in most cases, but one individual can easily take down a website with 100mps-1gb a second internet upload speed by using Perl scripts or another source of programs they can download from the internet. When #opIran and #opIsrael were still big and going on we took down over 700+ sites and defaced (changed the homepage) of 200+ Israel sites 19 of which were major government sites.

Wondering... so a server makes as many connections as it is capable and when it's fully engaged, it's fully engaged -- and other clients will just have to wait. How does this process wreak havoc to the host server's hardware and all??

It doesn't particularly harm the hardware, unless the load on the server(s) overheats it. It does, however, make it impossible for the server(s) to operate properly; it's like trying to have a proper conversation with someone, all while a hundred idiots are shouting gibberish in your ear.

Most antivirus in this generation offers real time protection, so an attack can be foreseen within a few minutes on detecting abnormal behaviors. Also, malicious intent usually involves stealing personal information or destroying the system, however unlikely it won't be possible if you have an updated antivirus package which offers good protection.

Most web servers don't run antivirus, and antivirus does nothing to mitigate a DDOS attack; it's a website or web-based service that's being attacked, not a computer in someone's home, and it's not malware running on the affected computer, it's a flood of unwanted, useless Internet messages overwhelming the server, making it impossible for the web server to operate properly.

A ddos attack is not a virus and cannot be stopped by an antivirus. The attack is NOT on your particular computer - it is attacking the site you are trying to access - it is blocking you - and any others who want to use that site from access to a particular site. It does this by flooding the site (not your computer) with requests. The ddos does not try to put anything on your computer and does not even look at your computer.

I'm a writer and computer sciences student from Belgium. You can always do me a favor with a good article idea, book recommendation, or recipe idea. You'll also find me on Facebook, Twitter and Google+.